Hackers release decrypted Stuxnet code -- but don't panic

Stuxnet code stolen from HBGary is less dangerous than versions of the worm that are already out there

With all the fuss out there about Stuxnet, a headline like "Anonymous hackers release Stuxnet worm online," as seen on Foxnews.com, is bound to stir up a little panic. The worm has been deemed a game-changer in the world of cyberwarfare, and experts have said it's caused more damage to Iran's nuclear facilities than a pinpoint missile attack could have.

Fortunately, the aforementioned hackers have not effectively handed the bad guys of the world the equivalent of a recipe for homemade anthrax or a do-it-yourself nuclear bomb. Rather, they've released a stolen decrypted version of Stuxnet that has academic value but, in and of itself, can't be used any time soon for malicious purposes. The most damage Anonymous has caused here is to the reputation of U.S. security company HBGary, the victim of the theft.

A kinder, gentler Stuxnet
Evidently, HBGary got its hands on Stuxnet, then decrypted -- or translated -- it for closer study. Anonymous, which views HBGary as an enemy, managed to break into the company's databases on Sunday and snag the decrypted code; it has since made the code available to the public.

The theft is a black eye for HBGary, a professional security company that should be able to protect its databases from hackers. But the theft doesn't mark a pivotal moment in cyber crime history when the bad guys everywhere suddenly have their hands on the tools to take out nuclear facilities around the globe. According to Immunity CEO Dave Aitel, this version of Stuxnet is "essentially incomprehensible."

The worst is already out there
InfoWorld Security Adviser blogger Roger Grimes agreed with Aitel's assessment, noting that the raw Stuxnet binary code is more dangerous -- and already fairly easy to get. The code could be reverse engineered and re-engineered for malicious intent, but even it doesn't represent too significant a threat, according to Grimes.

For one thing, operators of nuclear facilities will have taken steps to strengthen their defenses so that they aren't the next victims of a Stuxnet-like attack. Stuxnet could be used on other targets, even within the energy sector, Grimes noted, but that has always been the case.

The bottom line is that Stuxnet itself is a game-changer. Its birth and successful attack on Iran marked the start of a new chapter in cyber warfare. But the genie is out of the bottle. The code is on the loose, in a more dangerous form than the one swiped from HBGary. Security admins and vendors will figure out ways to defend against Stuxnet as bad guys figure out ways to re-engineer the code and use it for evil purposes.

Inevitably, in the not-too-distant future, a new worm will emerge that will be even more destructive than Stuxnet.

This story, "Hackers release decrypted Stuxnet code -- but don't panic," was originally published at InfoWorld.com.


Copyright © 2011 IDG Communications, Inc.
